{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-55549", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-14T19:27:01.711Z", "dateReserved": "2024-12-08T00:00:00.000Z", "datePublished": "2025-03-14T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libxslt", "vendor": "xmlsoft", "versions": [{"lessThan": "1.1.43", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-14T01:02:10.105Z"}, "references": [{"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.43"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-14T19:26:54.516211Z", "id": "CVE-2024-55549", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T19:27:01.711Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-55549", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-14T19:26:54.516211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T19:13:50.017Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}}], "affected": [{"vendor": "xmlsoft", "product": "libxslt", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.43", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.1.43"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-14T01:02:10.105Z"}}}, "cveMetadata": {"cveId": "CVE-2024-55549", "state": "PUBLISHED", "dateUpdated": "2025-03-14T19:27:01.711Z", "dateReserved": "2024-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes."}], "id": "CVE-2024-55549", "lastModified": "2025-03-14T02:15:15.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-14T02:15:15.333", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3612", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libxslt-0:1.1.28-8.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3615", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-6.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3615", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-6.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3619", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libxslt-0:1.1.32-6.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3624", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libxslt-0:1.1.32-8.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3627", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libxslt-0:1.1.34-11.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3614", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libxslt-0:1.1.34-11.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3613", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "libxslt-0:1.1.34-13.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-04-07T00:00:00Z"}], "bugzilla": {"description": "libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)", "id": "2352484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.", "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-55549", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxslt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libxslt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-03-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-55549\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-55549\nhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/127"], "threat_severity": "Important"}